
Thread: Pop up windows. Directs to "Spyware-Secure"

  1. #21
    Member
    Join Date
    Apr 2007
    Posts
    31

    GMER log part3:

    ---- Devices - GMER 1.0.13 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F02E9F76] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F02E8812] aswMon2.SYS
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F02E8812] aswMon2.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F78F02C0] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F78F02C0] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F78F02C0] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F78F02C0] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F78F08E6] aswTdi.SYS
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F78F08E6] aswTdi.SYS

    ---- Processes - GMER 1.0.13 ----

    Process C:\windows\system32\huyvoxnqt.exe (*** hidden *** ) 2420
    Library C:\windows\system32\huyvoxnqt.exe (*** hidden *** ) @ C:\windows\system32\huyvoxnqt.exe [2420] 0x00400000

  2. #22
    Member
    Join Date
    Apr 2007
    Posts
    31

    GMER log part 4:


    ---- Registry - GMER 1.0.13 ----

    Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@huyvoxnqt c:\windows\system32\huyvoxnqt.exe huyvoxnqt
    Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@huyvoxnqt c:\windows\system32\huyvoxnqt.exe huyvoxnqt

    ---- Files - GMER 1.0.13 ----

    File C:\WINDOWS\Prefetch\HUYVOXNQT.EXE-27ED6F8E.pf
    File C:\WINDOWS\system32\huyvoxnqt.dat
    File C:\WINDOWS\system32\huyvoxnqt.exe
    File C:\WINDOWS\system32\huyvoxnqt_nav.dat
    File C:\WINDOWS\system32\huyvoxnqt_navps.dat

    ---- EOF - GMER 1.0.13 ----

  3. #23
    Member
    Join Date
    Apr 2007
    Posts
    31

    I will come back with the DSS log in a few hours.

  4. #24
    Member
    Join Date
    Apr 2007
    Posts
    31

    Back with the DSS logs.

    main.txt:

    Deckard's System Scanner v20070905.67
    Run by User on 2007-09-17 15:35:08
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------



    -- Last 5 Restore Point(s) --
    37: 2007-09-17 12:31:58 UTC - RP96 - Deckard's System Scanner Restore Point
    36: 2007-09-17 06:39:30 UTC - RP95 - Software Distribution Service 3.0
    35: 2007-08-31 15:40:27 UTC - RP94 - Software Distribution Service 3.0
    34: 2007-08-20 06:51:04 UTC - RP93 - Software Distribution Service 3.0
    33: 2007-08-20 06:45:33 UTC - RP92 - Installed Java(TM) 6 Update 2


    -- First Restore Point --
    1: 2007-04-16 07:26:06 UTC - RP60 - Σημείο ελέγχου συστήματος


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 446 MiB (512 MiB recommended).


    -- HijackThis (run as User.exe) ------------------------------------------------

    Unable to find log (file not found); running clone.
    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-09-17 15:36:42
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\RTHDCPL.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Documents and Settings\User\Επιφάνεια εργασίας\dss.exe
    C:\HJT\User.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Folding@Home 5.03.lnk = C:\Program Files\Folding@Home\winFAH.exe
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Reg.lnk = C:\Program Files\108Mbps Wireless LAN Adapter\Reg.exe
    O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor...fo/webscan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    -- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

    backup-20070720-162116-367 O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
    backup-20070720-162116-971 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20070905-093925-439 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    backup-20070905-093925-543 O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
    R3 AR5211 (Wireless LAN Adapter) - c:\windows\system32\drivers\ar5211.sys <Not Verified; ; Wireless Network Adapter>

    S3 catchme - c:\docume~1\user\locals~1\temp\catchme.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-09-17 12:00:00 364 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job


    -- Files created between 2007-08-17 and 2007-09-17 -----------------------------

    Nothing created in this timespan.


    -- Find3M Report ---------------------------------------------------------------

    2007-09-17 15:34:20 0 d-------- C:\Documents and Settings\User\Application Data\OpenOffice.org2
    2007-09-14 09:24:34 0 d-------- C:\Program Files\Folding@Home
    2007-08-29 09:54:19 0 d-------- C:\Program Files\PartyGaming
    2007-08-20 09:48:31 0 d-------- C:\Program Files\Java
    2007-07-20 16:08:47 0 d-------- C:\Documents and Settings\User\Application Data\Grisoft
    2007-07-19 15:21:09 0 d-------- C:\Program Files\Project64 1.6
    2007-07-13 09:32:04 508990 --a------ C:\WINDOWS\system32\perfh008.dat
    2007-07-13 09:32:04 86886 --a------ C:\WINDOWS\system32\perfc008.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2006-11-15 10:21 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-17 11:04 C:\WINDOWS\SkyTel.exe]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 13:06]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
    "Alcmtr"="ALCMTR.EXE" [2005-05-04 11:43 C:\WINDOWS\Alcmtr.exe]
    "Spyware-Secure"="C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe" []
    "huyvoxnqt"="c:\windows\system32\huyvoxnqt.exe" [2007-09-05 10:12]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15:00]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-03-09 00:56]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
    "@"="" []
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]

    C:\Documents and Settings\User\Start Menu\Προγράμματα\Εκκίνηση\
    Folding@Home 5.03.lnk - C:\Program Files\Folding@Home\winFAH.exe [2007-05-23 10:39:40]
    OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 16:54:56]

    C:\Documents and Settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
    108Mbps Wireless LAN Adapter Configuration Utility.lnk - C:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe [2007-03-05 00:28:39]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26]
    Reg.lnk - C:\Program Files\108Mbps Wireless LAN Adapter\Reg.exe [2007-03-05 00:28:39]

    *Newly Created Service* - GMER



    -- End of Deckard's System Scanner: finished at 2007-09-17 15:38:47 ------------

  5. #25
    Member
    Join Date
    Apr 2007
    Posts
    31

    extra.txt 1/2:

    Deckard's System Scanner v20070905.67
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: Other (0408) - see http://preview.tinyurl.com/mhhp6

    CPU 0: Intel(R) Pentium(R) D CPU 2.66GHz
    CPU 1: Intel(R) Pentium(R) D CPU 2.66GHz
    Percentage of Memory in Use: 74%
    Physical Memory (total/avail): 445.56 MiB / 113.22 MiB
    Pagefile Memory (total/avail): 1052.96 MiB / 654.04 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1959.57 MiB

    A: is Removable (Unformatted)
    C: is Fixed (NTFS) - 149.04 GiB total, 141.27 GiB free.
    D: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD1600JS-00NCB1 - 149.05 GiB - 1 partition
    \PARTITION0 (bootable) - Σύστημα αρχείων προς εγκατάσταση - 149.04 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is set to notify before download.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    UpdatesDisableNotify is set.

    AV: avast! antivirus 4.7.1043 [VPS 000775-0] v4.7.1043 (ALWIL Software)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\User\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PC1
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\User
    LOGONSERVER=\\PC1
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0407
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\User\LOCALS~1\Temp
    TMP=C:\DOCUME~1\User\LOCALS~1\Temp
    USERDOMAIN=PC1
    USERNAME=User
    USERPROFILE=C:\Documents and Settings\User
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    User (admin)
    Administrator (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Πακέτο βασικής υπηρεσίας παροχής κρυπτογράφησης έξυπνων καρτών της Microsoft --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Ενημέρωση ασφαλείας για Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB911164) -->
    Ενημέρωση για Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Ενημέρωση για Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Επείγουσα επιδιόρθωση για Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Επείγουσα επιδιόρθωση για Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    108Mbps Wireless LAN Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94E4FBD6-540C-4DB6-A469-B1FA248DA33E}\setup.exe" -l0x9
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Animated Water Scenes --> C:\WINDOWS\unins000.exe
    ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Folding@Home --> C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\Folding@Home\UninstallEFAB.DAT
    High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Deskjet 5900 series --> C:\Program Files\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzscr01.exe -datfile hpfscr05.dat
    HP Extended Capabilities 5.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Essential --> MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
    HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    InternetGameBox --> C:\Program Files\InternetGameBox\uninst.exe
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Joost (tm) 0.10.7 --> C:\Program Files\Joost\uninst.exe
    LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Basic Edition 2003 --> MsiExec.exe /I{91130408-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.2) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    OpenOffice.org 2.2 --> MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}
    PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
    REALTEK GbE & FE Ethernet PCI NIC Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x8 -removeonly
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x8 -removeonly
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Άμεση επιδιόρθωση για Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Άμεση επιδιόρθωση για Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Άμεση επιδιόρθωση για Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Άμεση επιδιόρθωση για Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Άμεση επιδιόρθωση για Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Άμεση επιδιόρθωση για Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Άμεση επιδιόρθωση για Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Άμεση επιδιόρθωση για Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type1015 / Error
    Event Submitted/Written: 09/17/2007 03:33:47 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Ελαττωματική εφαρμογή dss.exe, έκδοση 3.2.4.9, ελαττωματική λειτουργική μονάδα msvcrt.dll, έκδοση 7.0.2600.2180, ελαττωματική διεύθυνση 0x00037fd4.
    Επεξεργασία συμβάντος μέσου για [dss.exe!ws!]

    Event Record #/Type1014 / Error
    Event Submitted/Written: 09/17/2007 03:33:26 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Ελαττωματική εφαρμογή user.exe, έκδοση 1.99.0.1, ελαττωματική λειτουργική μονάδα msvcrt.dll, έκδοση 7.0.2600.2180, ελαττωματική διεύθυνση 0x00037fd4.
    Επεξεργασία συμβάντος μέσου για [user.exe!ws!]

    Event Record #/Type1008 / Error
    Event Submitted/Written: 09/14/2007 09:25:18 AM
    Event ID/Source: 1000 / .NET Runtime 2.0 Error Reporting
    Event Description:
    Faulting application ccc.exe, version 2.0.0.0, stamp 451d264f, faulting module mscorwks.dll, version 2.0.50727.832, stamp 461f2e2a, debug? 0, fault address 0x0006adba.

    Event Record #/Type1005 / Error
    Event Submitted/Written: 09/13/2007 09:29:32 AM
    Event ID/Source: 2001 / Microsoft Office 11
    Event Description:
    Rejected Safe Mode action : Microsoft Office Outlook.

    Event Record #/Type1004 / Error
    Event Submitted/Written: 09/13/2007 09:29:19 AM
    Event ID/Source: 1000 / Microsoft Office 11
    Event Description:
    Faulting application outlook.exe, version 11.0.5510.0, stamp 3f1380f0, faulting module outllib.dll, version 11.0.5608.0, stamp 3f35d24e, debug? 0, fault address 0x0023e0c0.

  6. #26
    Member
    Join Date
    Apr 2007
    Posts
    31

    Default

    extra.txt 2/2:



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type12713 / Warning
    Event Submitted/Written: 09/13/2007 02:53:20 PM
    Event ID/Source: 1073 / USER32
    Event Description:
    Η προσπάθεια για Άγνωστο PC1 απέτυχε

    Event Record #/Type12651 / Warning
    Event Submitted/Written: 09/11/2007 02:37:47 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    Το πρόγραμμα περιήγησης δεν ήταν δυνατό να ανακτήσει μια λίστα διακομιστών από το κύριο πρόγραμμα περιήγησης \\PC2 στο δίκτυο \Device\NetBT_Tcpip_{F4B5D9B2-151A-40EA-A5D6-64482BDC7D58}.
    Τα δεδομένα βρίσκονται στον κώδικα σφάλματος.

    Event Record #/Type12009 / Warning
    Event Submitted/Written: 08/29/2007 05:15:55 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    Το πρόγραμμα περιήγησης δεν ήταν δυνατό να ανακτήσει μια λίστα διακομιστών από το κύριο πρόγραμμα περιήγησης \\PC2 στο δίκτυο \Device\NetBT_Tcpip_{F4B5D9B2-151A-40EA-A5D6-64482BDC7D58}.
    Τα δεδομένα βρίσκονται στον κώδικα σφάλματος.

    Event Record #/Type12008 / Warning
    Event Submitted/Written: 08/29/2007 05:15:20 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    Το πρόγραμμα περιήγησης δεν ήταν δυνατό να ανακτήσει μια λίστα διακομιστών από το κύριο πρόγραμμα περιήγησης \\PC2 στο δίκτυο \Device\NetBT_Tcpip_{F4B5D9B2-151A-40EA-A5D6-64482BDC7D58}.
    Τα δεδομένα βρίσκονται στον κώδικα σφάλματος.

    Event Record #/Type11969 / Warning
    Event Submitted/Written: 08/28/2007 04:40:50 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    Το πρόγραμμα περιήγησης δεν ήταν δυνατό να ανακτήσει μια λίστα διακομιστών από το κύριο πρόγραμμα περιήγησης \\PC2 στο δίκτυο \Device\NetBT_Tcpip_{F4B5D9B2-151A-40EA-A5D6-64482BDC7D58}.
    Τα δεδομένα βρίσκονται στον κώδικα σφάλματος.



    -- End of Deckard's System Scanner: finished at 2007-09-17 15:38:47 ------------

  7. #27
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Please download Navilog1 by IL-MAFIOSO:
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip


    * Extract its contents to the desktop.
    * Double click on navilog1.exe to install it on your computer.
    * When the installation is complete, the tool will start automatically.
    * If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
    * Press E for English from the language Menu.
    * Type 1 in the next Menu to select Search and press Enter.
    * Wait for the Scan to finish (It may take a reasonable amount of time)
    * Press any key as requested.
    * A new document will be produced: fixnavi.txt.
    * Please copy/paste the contents of this report in your next reply.


    The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #28
    Member
    Join Date
    Apr 2007
    Posts
    31

    Default

    the NAVILOG log:

    Search Navipromo version 3.0.4 began on 2007-09-19 at 10:54:13.68

    !!! Warning, this report may include legitimate files/programs !!!
    !!! Post this report on the forum you are being helped !!!
    !!! Don't continue with removal unless instructed by an authorized helper !!!
    Fix running from C:\Program Files\navilog1
    Updated on 16.09.2007 at 13h00 by IL-MAFIOSO

    Microsoft Windows XP [Έκδοση 5.1.2600]
    Version Internet Explorer : 7.0.5730.11

    Done in normal mode

    *** Searching for installed Software ***


    InternetGameBox


    *** Search folders in C:\WINDOWS ***



    *** Search folders in C:\Program Files ***

    C:\Program Files\InternetGameBox found !


    *** Search folders in C:\Documents and Settings\All Users\Application Data ***




    *** Search folders in C:\Documents and Settings\User\Application Data ***


    *** Search with BlackLight Engine/F-secure ***
    BlackLight Engine is a product of F-secure, for more info:
    http://www.f-secure.com/blacklight/blacklight_help.html

    Hidden(s) file(s) in C:\WINDOWS\system32 :

    c:\WINDOWS\system32\huyvoxnqt.dat
    C:\windows\system32\huyvoxnqt.exe
    c:\WINDOWS\system32\huyvoxnqt_nav.dat
    c:\WINDOWS\system32\huyvoxnqt_navps.dat

    Hidden(s) Process in C:\WINDOWS\system32 :

    C:\windows\system32\huyvoxnqt.exe


    *** Search with GenericNaviSearch ***
    !!! Possibility of legitims files in the result !!!
    !!! To be always checked before manually deleting !!!

    * Scan C:\WINDOWS\system32 *

    Files found :

    huyvoxnqt.exe found !

    Suspicious Files :

    No Suspicious File found !



    *** Search files ***


    C:\DOCUME~1\User\6808~1\InternetGameBox.lnk found !
    C:\WINDOWS\pack.epk found !
    C:\WINDOWS\system32\nvs2.inf found !
    C:\WINDOWS\prefetch\INTERNETGAMEBOX.EXE-1EE9EDEF.pf found !


    *** Search registry keys ***

    HKEY_CURRENT_USER\Software\Lanconfig found !
    HKEY_USERS\S-1-5-21-823518204-308236825-682003330-1004\Software\Lanconfig found !


    *** Complementary Search ***
    (Search specifics files)

    1)Search known files:

    2)Heuristic Search :

    C:\WINDOWS\system32\huyvoxnqt.dat found !
    C:\WINDOWS\system32\huyvoxnqt_navps.dat found !





    3)Certificates Search :

    Certificate Egroup found !


    *** Search completed on 2007-09-19 at 10:59:55.70 ***

  9. #29
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    * Double click on Navilog1 shortcut icon on your desktop to run it.
    * Press E for English from the language Menu.
    * Type 2 in the next Menu and press Enter.
    * The tool will then advise you that it will restart your computer.
    * Close all open windows and save personal documents, if open, too.
    * If your computer doesn't restart automatically, restart it manually.
    * Choose your usual session.
    * Wait for the *** Clean finished the ... *** message (It may take a reasonable amount of time)
    * A new document will be produced.
    * Please copy/paste the contents of this report in your next reply with a fresh hjt log.
    * Your desktop will now appear.


    Note: In the event you lose your desktop, press CTRL+ALT+Delete and run Explorer.exe as a new task.

    The report is also saved in the root directory, %SystemDrive%\cleannavi.txt (usually C:\cleannavi.txt).

  10. #30
    Member
    Join Date
    Apr 2007
    Posts
    31

    Default

    hi.

    Navilog log after clean up:

    Navipromo Removal version 3.0.4 started on 2007-09-24 at 9:28:59.34

    Fix running from C:\Program Files\navilog1
    echo Updated on 16.09.2007 at 13h00 by IL-MAFIOSO


    Microsoft Windows XP [Έκδοση 5.1.2600]
    Internet Explorer : 7.0.5730.11

    echo Automatic removal


    *** Creating backups for files found by Blacklight

    Copy to "C:\Program Files\navilog1\Backupnavi"


    *** Deleting files found with Blacklight ***

    c:\WINDOWS\system32\huyvoxnqt.dat deleted !
    C:\windows\system32\huyvoxnqt.exe deleted !
    c:\WINDOWS\system32\huyvoxnqt_nav.dat deleted !
    c:\WINDOWS\system32\huyvoxnqt_navps.dat deleted !

    ** Second pass **

    C:\WINDOWS\system32\huyvoxnqt.exe not found !
    C:\WINDOWS\system32\huyvoxnqt.dat not found !
    C:\WINDOWS\system32\huyvoxnqt_nav.dat not found !
    C:\WINDOWS\system32\huyvoxnqt_navps.dat not found !
    C:\WINDOWS\system32\huyvoxnqt_navup.dat not found !
    C:\WINDOWS\system32\huyvoxnqt_navtmp.dat not found !
    C:\WINDOWS\system32\huyvoxnqt_m2s.xml not found !


    C:\WINDOWS\prefetch\huyvoxnqt*.pf found !
    Copy C:\WINDOWS\prefetch\huyvoxnqt*.pf done !
    C:\WINDOWS\prefetch\huyvoxnqt*.pf deleted !

    *** Deleting with Backups results GenericNaviSearch ***

    * Scan C:\WINDOWS\system32 *



    *** Deleting folders in C:\WINDOWS ***


    *** Deleting folders in C:\Program Files ***

    C:\Program Files\InternetGameBox ...deleting...
    C:\Program Files\InternetGameBox deleted !


    *** Deleting folders in C:\Documents and Settings\All Users\Application Data ***


    *** Deleting folders in C:\Documents and Settings\User\Application Data ***



    *** Deleting files ***

    C:\DOCUME~1\User\6808~1\InternetGameBox.lnk deleted !
    C:\WINDOWS\pack.epk deleted !
    C:\WINDOWS\system32\nvs2.inf deleted !
    C:\WINDOWS\INTERNETGAMEBOX.EXE-1EE9EDEF.pf deleted !

    *** Deleting temporary files ***

    Cleanning C:\WINDOWS\Temp done !
    Cleanning C:\Documents and Settings\User\Local Settings\Temp done !

    *** Complementary Search ***
    (Search specifics files)

    1)Search known files:





    2)Searching and deleting Heuristics :


    *** Copy registry to Backupnavi folder ***

    Backing up registry done !

    *** Clean registry ***

    Registry cleaned


    *** Certificates ***

    Egroup Certificate deleted !

    *** Cleaning stage complete 2007-09-24 at 9:31:51.39 ***
